Presentation is loading. Please wait.

Presentation is loading. Please wait.

LDAP: Information Model Part 2 CNS 4650 Fall 2004 Rev. 2.

Published byBlaise Franklin Modified over 9 years ago

Similar presentations

Presentation on theme: "LDAP: Information Model Part 2 CNS 4650 Fall 2004 Rev. 2."— Presentation transcript:

1 LDAP: Information Model Part 2 CNS 4650 Fall 2004 Rev. 2

2 LDAP Informational Model LDAP represented by entries Entries belong to one or more object classes Object classes is defined by attributes Attributes consist of a type and one or more values Schema defines object classes and attributes

3 Attributes Types Building blocks of LDAP entries Attributes types are defined in schema Attributes Types are built with the following components: Name Object Indentifier (OID) Syntax Matching Rules Inheritence

4 Name Case in-sentitive Can contain only letters, numbers, dashes, and semi-colons Standard convention is single words are lower case, capitalize the first letter of multiple words (no spaces) LettersgivenName Numbersx509Certificate Dashtest-attribute Semicolonx509Certificate;binary

5 Object Indentifiers (OID) ASN.1 Number Allow the attribute type to be globally unique Allow for different attribute names Different languages

6 Syntax Definitions Tells the user or server how to handle the data LDAP defines a number of different syntaxes Example UID is defined as a string If an integer is placed in the UID value arithmetic operations cannot be preformed on that value The integer is treated as string not a number Similar to programming languages

7 Syntax Definitions Syntax have OIDs Defines the syntaxes across languages Reduces english dependences

8 Syntax Definitions Basic Directory String Printable unicode strings encoded in UTF-8 Binary Non-printable binary data Complex Certificate Complex, binary-encoded certificate Telephone Number String, non-numeric content is not searched

9 Syntax OIDs (RFC 2252) Attribute Type Description Y 1.3.6.1.4.1.1466.115.121.1.3 Audio N 1.3.6.1.4.1.1466.115.121.1.4 Binary N 1.3.6.1.4.1.1466.115.121.1.5 Bit String Y 1.3.6.1.4.1.1466.115.121.1.6 Boolean Y 1.3.6.1.4.1.1466.115.121.1.7 Certificate N 1.3.6.1.4.1.1466.115.121.1.8 Certificate List N 1.3.6.1.4.1.1466.115.121.1.9 Certificate Pair N 1.3.6.1.4.1.1466.115.121.1.10 Country String Y 1.3.6.1.4.1.1466.115.121.1.11 DN Y 1.3.6.1.4.1.1466.115.121.1.12 Data Quality Syntax Y 1.3.6.1.4.1.1466.115.121.1.13 Delivery Method Y 1.3.6.1.4.1.1466.115.121.1.14 Directory String Y 1.3.6.1.4.1.1466.115.121.1.15 IA5 String Y 1.3.6.1.4.1.1466.115.121.1.26 INTEGER Y 1.3.6.1.4.1.1466.115.121.1.27 JPEG N 1.3.6.1.4.1.1466.115.121.1.28

10 Syntax Examples

11 Matching Rules Defines how the attribute should be searched Number of possible assertions are handled LDAP clients do not specify which rule they wish to use, the server decides based on matching rules defined for the attribute

12 Kinds of Matching Rules Equality Equality between attribute value and assertion value Greater than/Less than Ordering rules Substring If value is contained inside another value Subschema Value contained inside the schema

13 Matching Rules (RFC 2252) 2.5.13.1 NAME 'distinguishedNameMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) ( 2.5.13.2 NAME 'caseIgnoreMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ( 2.5.13.8 NAME 'numericStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) ( 2.5.13.11 NAME 'caseIgnoreListMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) ( 2.5.13.14 NAME 'integerMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

14 Matching Rules ( 2.5.13.16 NAME 'bitStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) ( 2.5.13.20 NAME 'telephoneNumberMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) ( 2.5.13.22 NAME 'presentationAddressMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 ) ( 2.5.13.23 NAME 'uniqueMemberMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) ( 2.5.13.24 NAME 'protocolInformationMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) ( 2.5.13.27 NAME 'generalizedTimeMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

15 Multiple Values Attributes can be defined to allow multiple values Values are NOT returned in any specific order

16 Inheritance Allows creation of abstract type and reduces redefinition of common types Example name attribute type Case insensitive string Case insensitive match commonName, givenName, surName These attributes have same features as name No need to redefine syntax and matching rules sup: name

17 Object Classes Object classes define the attributes of a particular entry Object class gives you information on the type of entry This allows the user to know the attribute the entry contains Every entry has at least one objectClass attribute

18 Object Class Example This entry belongs to three object classes A user can figure out what attributes are available for this entry dn: uid=dansinema,cn=users,dc=apple,dc=edu objectClass: organizationalPerson objectClass: person objectClass: top cn: Dan Sinema

19 Object Class Defined Name Object Identifier (OID) Inheritence Class Type Required Attribute Types Allowed Attribute Types

20 Object Class Name Case-insensitive Contains letter, numbers, dashes, semicolon Convention is only letters and numbers All lower case Multiple words first letter capitalized

21 Object Class OIDs Uniquely identify object class globally No real meaning other than to provide uniqueness

22 Object Class Inheritance Very similar to inheritance for attributes types ( 1.3.6.1.4.1.17946.1.2.1 NAME 'cartoon-character' SUP top STRUCTURAL DESC 'Cartoon character and all his/her attributes' MUST ( cn $ cartoon-catchPhrase $ cartoon-homeNetwork ) MAY ( cartoon-biography $ cartoon-tvShow $ cartoon-showTime $ cartoon-showDay $cartoon-tvSeasons ) )

23 Abstract Object Classes Never primary object class for any entry Used as a superclass One defined in LDAP “top” Every LDAP object class ultimately extends “top”

24 Structural Object Classes Every entry belongs to at least one structural object class Structural classes are the building blocks of LDAP ( 1.3.6.1.4.1.17946.1.2.1 NAME 'cartoon-character' SUP top STRUCTURAL DESC 'Cartoon character and all his/her attributes' MUST ( cn $ cartoon-catchPhrase $ cartoon-homeNetwork ) MAY ( cartoon-biography $ cartoon-tvShow $ cartoon-showTime $ cartoon-showDay $cartoon-tvSeasons ) )

25 Auxiliary Object Class Add secondary attributes to entries Must be added to entries which belong to at least one structural class Often used by organizations to customize objects for their environment

Download ppt "LDAP: Information Model Part 2 CNS 4650 Fall 2004 Rev. 2."

Similar presentations

Introduction to PHP MIS 3501, Fall 2014 Jeremy Shafer

Introduction to PHP MIS 3501, Fall 2014 Jeremy Shafer
The Web Warrior Guide to Web Design Technologies

The Web Warrior Guide to Web Design Technologies
Lecture 2 Introduction to C Programming

Lecture 2 Introduction to C Programming
Introduction to C Programming

Introduction to C Programming
 2000 Prentice Hall, Inc. All rights reserved. Chapter 2 - Introduction to C Programming Outline 2.1Introduction 2.2A Simple C Program: Printing a Line.

 2000 Prentice Hall, Inc. All rights reserved. Chapter 2 - Introduction to C Programming Outline 2.1Introduction 2.2A Simple C Program: Printing a Line.
Introduction to C Programming

Introduction to C Programming
Directory & Naming Services CS-328 Dick Steflik. A Directory.

Directory & Naming Services CS-328 Dick Steflik. A Directory.
 2007 Pearson Education, Inc. All rights reserved. 1 2 2 Introduction to C Programming.

 2007 Pearson Education, Inc. All rights reserved Introduction to C Programming.
EEC-681/781 Distributed Computing Systems Lecture 9 Wenbing Zhao Cleveland State University.

EEC-681/781 Distributed Computing Systems Lecture 9 Wenbing Zhao Cleveland State University.
1 Data types, operations, and expressions Overview l Format of a Java Application l Primitive Data Types l Variable Declaration l Arithmetic Operations.

1 Data types, operations, and expressions Overview l Format of a Java Application l Primitive Data Types l Variable Declaration l Arithmetic Operations.
30-Jun-15 SQL A Brief Introduction. SQL SQL is Structured Query Language Some people pronounce SQL as “sequel” Other people insist that only “ess-cue-ell”

30-Jun-15 SQL A Brief Introduction. SQL SQL is Structured Query Language Some people pronounce SQL as “sequel” Other people insist that only “ess-cue-ell”
Introduction to C Programming

Introduction to C Programming
LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.

LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.
Configuration Management Supplement 67 Robert Horn, Agfa Healthcare.

Configuration Management Supplement 67 Robert Horn, Agfa Healthcare.
03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.

03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.
INFORMATION FOR NETWORK OPERATION. CONTENT Directory service Standard X.500 LDAP.

INFORMATION FOR NETWORK OPERATION. CONTENT Directory service Standard X.500 LDAP.
XP New Perspectives on XML Tutorial 4 1 XML Schema Tutorial – Carey ISBN 0-619- 10187-3 Working with Namespaces and Schemas.

XP New Perspectives on XML Tutorial 4 1 XML Schema Tutorial – Carey ISBN Working with Namespaces and Schemas.
ASN.1 CNS 4650 Fall 2004 Rev. 2.

ASN.1 CNS 4650 Fall 2004 Rev. 2.
AL-MAAREFA COLLEGE FOR SCIENCE AND TECHNOLOGY INFO 232: DATABASE SYSTEMS CHAPTER 7 INTRODUCTION TO STRUCTURED QUERY LANGUAGE (SQL) Instructor Ms. Arwa.

AL-MAAREFA COLLEGE FOR SCIENCE AND TECHNOLOGY INFO 232: DATABASE SYSTEMS CHAPTER 7 INTRODUCTION TO STRUCTURED QUERY LANGUAGE (SQL) Instructor Ms. Arwa.
23/4/2001LDAP Overview - HEPix - LAL 2001 LDAP Overview HEPix – LAL Apr. 2001 Michel Jouvin

23/4/2001LDAP Overview - HEPix - LAL 2001 LDAP Overview HEPix – LAL Apr Michel Jouvin

Similar presentations

Ads by Google